
No security for my Web Page..Can view the session ID from the URL


My issue is: After logging in through login1.aspx as localhost, I go to HRapprove.aspx. But if I copy the URL of HRapprove.aspx and paste it in another browser, I can access the page. Actually my code is meant so that I should not access that page without logging in, and the page should redirect to login1.aspx. When I copy the URL, I can see my Session ID in it. Why is it happening? I have checked whether the session is null and then redirect to login1.aspx, but no use. Is it a problem with my code? I haven't used any cookies. Is that the reason? Please help me. Pasting my code here.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Try
        con = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\HR Portal.accdb")
        con.Open()
        cmd.Connection = con

        ' Session values are filled from the query string of the request
        hr_Id = Request.QueryString("HRID")
        HrEmail = Request.QueryString("Hr_Email")
        Session("HREmail") = HrEmail
        Session("HR_ID") = hr_Id

        If Session("HR_ID") Is Nothing Then
            Response.Redirect("login1.aspx")
            Return
        End If

        If Not IsPostBack Then
            bindPending()
            bindApproved()
        End If
    Catch ex As Exception
    End Try
End Sub

' Loads requests that are pre-approved but not yet handled by HR
Public Sub bindPending()
    cmd.CommandType = CommandType.Text
    cmd.CommandText = "Select ID,LEF_DATE,XP_EMPLOYEE_ID,XP_EMPLOYEE_NAME,LEF_TYPE,LEAVE_START_DATE_REQ,LEAVE_END_DATE_REQ,NEXT_LEAVE_DUE_DATE_ENT,LEAVE_DAYS_REQ,PRE_APPROVED_DATE,HR_REMARKS,HR_STATUS,CNT_POSITION_HELD,MANAGER_NAME from TBL_LEF_DETAILS01 where PRE_APPROVE=TRUE and HR_APPROVE=0 and HR_STATUS is NULL order by ID desc"
    da.SelectCommand = cmd
    da.Fill(dse, "hr")

    If dse.Tables("hr").Rows.Count = 0 Then
        lblPending.Text = "No Pending Requests"
        dse.Tables("hr").Clear()
        dse.Clear()
        Exit Sub
    Else
        GVHRpending.DataSource = dse
        GVHRpending.DataBind()
        dse.Tables("hr").Clear()
        dse.Clear()
    End If
End Sub

' Loads requests that HR has already approved
Public Sub bindApproved()
    cmd.CommandType = CommandType.Text
    cmd.CommandText = "Select ID,LEF_DATE,XP_EMPLOYEE_ID,XP_EMPLOYEE_NAME,LEF_TYPE,LEAVE_START_DATE_REQ,LEAVE_END_DATE_REQ,NEXT_LEAVE_DUE_DATE_ENT,LEAVE_DAYS_REQ,PRE_APPROVED_DATE,HR_REMARKS,HR_STATUS,HR_APPROVED_DATE from TBL_LEF_DETAILS01 where PRE_APPROVE=TRUE and HR_APPROVE=TRUE order by ID desc"
    da.SelectCommand = cmd
    da.Fill(dse1, "hr1")

    If dse1.Tables("hr1").Rows.Count = 0 Then
        lblApproved.Text = "No Approved Requests"
        dse1.Tables("hr1").Clear()
        dse1.Clear()
        Exit Sub
    Else
        GVHRapproved.DataSource = dse1
        GVHRapproved.DataBind()
        dse1.Tables("hr1").Clear()
        dse1.Clear()
    End If
End Sub

Someone please help me..
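
An added example, not part of the original post: in the Page_Load above, Session("HR_ID") is assigned from Request.QueryString("HRID") immediately before it is tested, so any request whose URL carries an HRID value passes the check. The base class below is one way to gate the page on session state alone. It assumes login1.aspx writes Session("HR_ID") and Session("HREmail") only after verifying the credentials; AuthenticatedPage, CurrentHrId and CurrentHrEmail are hypothetical names.

```vb
Imports System
Imports System.Web.UI

' Added example, not the poster's code.
' Assumption: login1.aspx writes Session("HR_ID") and Session("HREmail")
' only after it has verified the user's credentials.
Public Class AuthenticatedPage
    Inherits Page

    ' Identity is read from server-side session state only.
    Protected ReadOnly Property CurrentHrId As String
        Get
            Return Convert.ToString(Session("HR_ID"))
        End Get
    End Property

    Protected ReadOnly Property CurrentHrEmail As String
        Get
            Return Convert.ToString(Session("HREmail"))
        End Get
    End Property

    ' OnInit runs before the derived page's Page_Load, so no data is bound
    ' for a request that is not logged in.
    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        ' A cookieless session puts the session ID in the URL, so a copied
        ' URL carries the login with it. Fail closed; the setting is
        ' <sessionState cookieless="UseCookies" /> in web.config.
        If Session.IsCookieless Then
            Throw New InvalidOperationException("Cookieless session state is enabled.")
        End If

        ' Request.QueryString is never consulted: a caller can put any
        ' HRID value in the URL, but cannot write to Session.
        If String.IsNullOrEmpty(CurrentHrId) Then
            Response.Redirect("login1.aspx") ' ends the response here
            Return
        End If

        MyBase.OnInit(e)
    End Sub
End Class
```

With this in place, the code-behind of HRapprove.aspx would inherit from AuthenticatedPage and drop the two Request.QueryString assignments from its Page_Load.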

